Full List

Search

Recent Vulnerabilities

• CVE-2002-1100 • published on September 10, 2002 Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface.
• CVE-1999-1570 • published on August 31, 2002 Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.
• CVE-1999-1569 • published on August 31, 2002 Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced disconnection) via a flood of spoofed UDP connection packets, which exceeds the server's player limit.
• CVE-2000-1213 • published on August 31, 2002 ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.
• CVE-2000-1204 • published on August 31, 2002 Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
• CVE-2000-1205 • published on August 31, 2002 Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
• CVE-2000-1206 • published on August 31, 2002 Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
• CVE-2000-1214 • published on August 31, 2002 Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.
• CVE-2001-1390 • published on August 31, 2002 Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.
• CVE-2001-1396 • published on August 31, 2002 Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.
• CVE-2001-1399 • published on August 31, 2002 Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."
• CVE-2001-1404 • published on August 31, 2002 Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.
• CVE-2001-1388 • published on August 31, 2002 iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator.
• CVE-2001-1389 • published on August 31, 2002 Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination.
• CVE-2001-1395 • published on August 31, 2002 Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.
• CVE-2001-1398 • published on August 31, 2002 Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.
• CVE-2001-1402 • published on August 31, 2002 Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
• CVE-2001-1403 • published on August 31, 2002 Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
• CVE-2001-1405 • published on August 31, 2002 Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
• CVE-2001-1393 • published on August 31, 2002 Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).